No company is immune to every sophisticated attack. For example, any company might face a takedown by zero-day vulnerabilities or nonstandard, complex tools. To successfully repel an advanced attack and minimize negative consequences, prepare today for the challenges your cybersecurity team could encounter tomorrow.
Predicting a specific attack is, of course, impossible, so our colleagues decided to study the experiences of other companies, interviewing representatives of a variety of companies for our IT Security Economics 2021 report. What the respondents had in common was that they had all suffered complex cyberincidents.
Here are the Top 5 concerns the respondents reported:
1. Insufficient infrastructure visibility
Logically enough, without full visibility of the infrastructure, threat search and elimination is nearly impossible. Even fairly complex incidents can go unnoticed by cyberdefenders for quite some time. Moreover, reacting without a full understanding of the situation can worsen matters.
Countermeasures. When it comes to providing infrastructure visibility, consider Endpoint Detection and Response–class solutions.
2. Lack of coordination
Disparate teams leaping into action instead of coordinating first tends to increase damage and complicate investigation. Teams can also unintentionally hinder one another (for example, the information security (IS) team may try to isolate the infected server from the network while IT is fighting to keep it available).
Countermeasures. Develop a contingency plan in advance, and appoint someone to be responsible for implementing it.
3. Lack of qualified personnel
The market continues to suffer from a shortage of infosec experts, so it is hardly surprising that companies cite the lack of properly trained personnel able to identify threats and respond to critical incidents as a major challenge.
Countermeasures. If in-house expertise is lacking, bring in outside teams to perform both incident response and continuous monitoring and threat hunting.
4. Failure to identify real threats among multiple signals
It’s bad if your security system fails to spot dangerous symptoms in the infrastructure, but not much better if it sees too many. Alerts about real threats can get lost among thousands of diverse incidents, each of which wastes analysts’ attention and other valuable resources. In a complex network, that’s a very real problem.
Countermeasures. Use a comprehensive cybersecurity framework with built-in technologies that help prioritize truly critical incidents.